1. Field of the Invention
The present invention relates to a communication apparatus that is connected to a network and that is provided with an address filtering function, and a control method thereof.
2. Description of the Related Art
With the spread of the Internet in recent years, there has been concern over the vulnerability of network security to unwanted remote access or attacks from external devices, packet interception, and so on. As a measure against this, network devices are generally provided with functionality for filtering unwanted access from an external device using an IP address or a physical address. With this kind of filtering function, a user registers a specific address s/he wishes to refuse in advance; security is guaranteed by refusing access from an external device that has the registered address (Japanese Patent Laid-Open No. 2002-152279).
In some of such filtering functions, IP addresses from which reception is to be refused are registered so that the IP address of the external device that issued an access request is identified and filtered when it matches an address that has been registered. In other such filtering functions, MAC addresses are registered so that the MAC address of the external device that issued an access request is identified and filtered when it matches an address that has been registered.
However, conventional network device filtering technologies such as these have increased the workload since in a case where an external device has a plurality of addresses, a user is required to set all the addresses of the external devices as targets to be filtered. Also, there has been a problem in that in a case that a plurality of addresses are registered manually, a registration omission or a registration error may occur, causing a certain external device not to be treated as a target to be filtered, and resulting in a situation in which an unauthorized access cannot be prevented.
On the other hand, in a case that addresses of external devices for which access is to be permitted are registered, if there is a registration omission or a registration error, access from the external devices for which access is supposed to be permitted will be refused. Above all, since conventional filtering technologies have been established assuming only the use of IPv4 addresses, the application of these technologies is difficult in a case where the address length is long and a plurality of addresses is handled, as is the case with IPv6 addresses, the use of which is expected to spread.